Phishing responses

When I get a Phishing email about a bypothetical PayPal or Ebay account, I
usually return some random data, with an invented witty but offensive
password of the day, to the offending web page in the hope that who is doing
it will waste a few minutes on trying it all out.

Is this a good idea. If all the millions of target users did it, the
phisher would get so snowed under with garbage information he or she
couldn't function.

Advertisements

On Fri, 28 Oct 2005 08:22:30 +0100, "bland" <>
wrote:
>When I get a Phishing email about a bypothetical PayPal or Ebay account, I
>usually return some random data, with an invented witty but offensive
>password of the day, to the offending web page in the hope that who is doing
>it will waste a few minutes on trying it all out.
>
>Is this a good idea. If all the millions of target users did it, the
>phisher would get so snowed under with garbage information he or she
>couldn't function.
>
>bland

Better just report it to the target organisation if the site is
active.

Advertisements

"bland" <> wrote in message
news:djsjjn$6d5$...
> When I get a Phishing email about a bypothetical PayPal or Ebay account, I
> usually return some random data, with an invented witty but offensive
> password of the day, to the offending web page in the hope that who is
> doing it will waste a few minutes on trying it all out.

If this verifying step is done manually, maybe some minutes of the Phisher
are wasted. However, it is no big effort to program a mechanism which try to
login with the provided data. Only if the login was successfully the
Phishing author will be informed. Note that Phishers are often very skilled
people.

Regards,
Michael
>
> Is this a good idea. If all the millions of target users did it, the
> phisher would get so snowed under with garbage information he or she
> couldn't function.
>
> bland
>
>

"Michael Meckelein" <> wrote in message
news:4361eb52$0$22541$-online.net...
> "bland" <> wrote in message
> news:djsjjn$6d5$...
>> When I get a Phishing email about a bypothetical PayPal or Ebay account,
>> I usually return some random data, with an invented witty but offensive
>> password of the day, to the offending web page in the hope that who is
>> doing it will waste a few minutes on trying it all out.
>
> If this verifying step is done manually, maybe some minutes of the Phisher
> are wasted. However, it is no big effort to program a mechanism which try
> to login with the provided data. Only if the login was successfully the
> Phishing author will be informed. Note that Phishers are often very
> skilled people.
>
> Regards,
> Michael

I think it has some effect as I usually get 4 or 5 attempted accesses to my
firewall the day after I do this.

| When I get a Phishing email about a bypothetical PayPal or Ebay account, I
| usually return some random data, with an invented witty but offensive
| password of the day, to the offending web page in the hope that who is doing
| it will waste a few minutes on trying it all out.
|
| Is this a good idea. If all the millions of target users did it, the
| phisher would get so snowed under with garbage information he or she
| couldn't function.
|
| bland
|

It would be far better to submit any phishing attempt email to the Anti-Phishing
Organization.

David H. Lipman wrote:
> From: "bland" <>
>
> | When I get a Phishing email about a bypothetical PayPal or Ebay account,
> | I usually return some random data, with an invented witty but offensive
> | password of the day, to the offending web page in the hope that who is
> | doing it will waste a few minutes on trying it all out.
> |
> | Is this a good idea. If all the millions of target users did it, the
> | phisher would get so snowed under with garbage information he or she
> | couldn't function.
> |
> | bland
> |
>
> It would be far better to submit any phishing attempt email to the
> Anti-Phishing Organization.
>
> http://www.antiphishing.org/report_phishing.html
>
> Just capture Full Headers and Body and send an email to;
>
>
>

It is a good idea to forward the email by making it an attachment. This is
better because the anti-phishing people need to see the full email headers.

| It is a good idea to forward the email by making it an attachment. This is
| better because the anti-phishing people need to see the full email headers.
|
| Imhotep

That will depend on the email application but it does NOT have to be an attachment.

For example, in OE you can choose the properties --> details --> message source and use
Ctrl-A and Ctrl-C to copy the full header and text and then paste it into a new message.

In Pegasus Mail you can view it in Raw Mode and Ctrl-A and Ctrl-C to copy the full header
and text and then paste it into a new message. You can also drag and drop the phishing
email into the body of the new email.

David H. Lipman wrote:
> From: "Imhotep" <>
>
>
>
> | It is a good idea to forward the email by making it an attachment. This
> | is better because the anti-phishing people need to see the full email
> | headers.
> |
> | Imhotep
>
> That will depend on the email application but it does NOT have to be an
> attachment.
>
> For example, in OE you can choose the properties --> details --> message
> source and use Ctrl-A and Ctrl-C to copy the full header and text and then
> paste it into a new message.
>
> In Pegasus Mail you can view it in Raw Mode and Ctrl-A and Ctrl-C to copy
> the full header
> and text and then paste it into a new message. You can also drag and drop
> the phishing email into the body of the new email.
>
> What I'm saying is it does not necessarily need to be an attachment.
>

....sure or you can simply forward the email as an attachment (which is
probably the easiest way to do it).

|
| I usually forward the Phishing e-mails to or
| as appropriate and I get the routine form letter back
| saying "we will investigate".
|
| Does anyone know if these organizations really try to investigate and
| prosecute the phishers? Is there any track record of sucessful
| shutdowns and prosecutions?
|
| Or is it just good public relations for them to feign concern for
| their clients, but not really do anything...
|
| Beachcomber
|

You'll notice that the major AV companies are working with the APWG. The get samples and
wrie signatures for the AV software so email can be detected with said signatures.

Beachcomber wrote:
>
>>
>>...sure or you can simply forward the email as an attachment (which is
>>probably the easiest way to do it).
>>
>>Imhotep
>
>
> I usually forward the Phishing e-mails to or
> as appropriate and I get the routine form letter back
> saying "we will investigate".
>
> Does anyone know if these organizations really try to investigate and
> prosecute the phishers? Is there any track record of sucessful
> shutdowns and prosecutions?
>
> Or is it just good public relations for them to feign concern for
> their clients, but not really do anything...
>
> Beachcomber

I have noticed that when I have forwarded the phishing email, a couple of
days later the site is down....

On Fri, 28 Oct 2005 18:10:54 GMT, (Beachcomber)
wrote:
>Does anyone know if these organizations really try to investigate and
>prosecute the phishers? Is there any track record of sucessful
>shutdowns and prosecutions?

"Imhotep" <> wrote in message
news:...
> David H. Lipman wrote:
>
> > From: "Imhotep" <>
> > | It is a good idea to forward the email by making it an attachment.
This
> > | is better because the anti-phishing people need to see the full email
> > | headers.
> > |
> > | Imhotep
> >
> > That will depend on the email application but it does NOT have to be an
> > attachment.
> >
> > For example, in OE you can choose the properties --> details --> message
> > source and use Ctrl-A and Ctrl-C to copy the full header and text and
then
> > paste it into a new message.
> >
> > In Pegasus Mail you can view it in Raw Mode and Ctrl-A and Ctrl-C to
copy
> > the full header
> > and text and then paste it into a new message. You can also drag and
drop
> > the phishing email into the body of the new email.
> >
> > What I'm saying is it does not necessarily need to be an attachment.
>
> ...sure or you can simply forward the email as an attachment (which is
> probably the easiest way to do it).

....and the one most likely to be automatically blocked, or unreadable to an
automated system. The Clarify helpdesk at w*rk, for example, doesn't even
attempt to open mails with attachments, but simply dumps them in a bin for a
human to look at.

Since these sites must receive the same phishing email thousands of times,
my assumption would be that they are scanned mechanically for URLs. And
placing the full message contents in the body of the email would be the
easiest way to help them do something about the phish.

Don't forget - the headers tell 'em where it came from, but they need the
body of the email to locate the actual website.

--

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!

Share This Page

Welcome to Velocity Reviews!

Welcome to the Velocity Reviews, the place to come for the latest tech news and reviews.

Please join our friendly community by clicking the button below - it only takes a few seconds and is totally free. You'll be able to chat with other enthusiasts and get tech help from other members.
Sign up now!